GDPR and your business
Ovatu and GDPR compliance
GDPR stands for General Data Protection Regulation, which become enforceable in the EU on May 25th, 2018 and relates to how businesses process their customers’ personal data (information that identifies an individual). It covers issues such as:
- Using customers’ personal data in accordance with outlined principles (Article 5 – Processing Principles)
- Requesting consent to collect personal data (Articles 7, 8 & 9 - Consent)
- Enabling customers access to their personal data (Article 15 - Access)
- Providing copies of personal data to your customers (Article 20 – Data Portability)
- Rectifying personal data which is out of date or incorrect (Article 16 - Rectification)
- Fully deleting a customers’ personal data at their request (Article 17 - Erasure)
Can Ovatu offer me advice on how to comply with the GDPR?
Unfortunately no. We are unable to offer legal and compliance advice. We are also unable to contact your customers on your behalf. Complying with the GDPR is the responsibility of each individual business. The ICO is a great resource for information and advice.
The Ovatu team is happy to support and guide you in enabling and utilising our GDRP compliance features listed below.
- The Data Collection (Privacy) consent checkbox allows you to request that each new customer consents to you creating a file for them and storing their personal data. Once activated this checkbox displays whenever a new file is created either online or internally and must be selected in order to proceed. It applies to new customers only. For existing customers, if they, for any reason object to having their data stored, they may request for their file to be fully deleted.
- The Marketing Consent Checkbox is a separate checkbox which allows your customers to opt-in to receiving marketing and promotional materials from you. It also appears whenever a new customer file is created online or internally.
Unselected by default, selecting this checkbox, subscribes your customers to marketing materials from you. It does not affect transactional emails such as confirmation and reminders.
Instructions for activating the Data Collection (Privacy) and Marketing consent checkboxes can be found here.
- The Permanent Customer File Deletion tool allows you to fully and permanently delete a customer file. This is an irreversible process, so that you may comply with a customer’s request to remove all their data from your system. If full deletion is not appropriate, we also have an Archive option. Instructions for fully deleting a customer file can be found here.
- The Full Customer File Export tool allows you to obtain a complex export of absolutely every piece of data you have on file for a customer, including customer profile, sales, forms, custom fields, notes, photos, passes and gift cards. It comes to you via email, as a zip file, and contains data in various formats. The main file type is JSON, which is a common, machine readable, file format. Here are the steps for exporting a full customer file. If what you’re after is just the customer’s basic contact information in a simple CSV format, it’s best to use the Customer List Export, which is explained here.
- A separate Checkbox for consultation forms allows you to obtain additional consent for the data collected via an individual consultation form. For example, if you have a consultation form that requests sensitive data, you can add in a consent checkbox to this form to ask customers for consent for storing this data. Instructions on how to enable this checkbox within a consultation form can be found here.
Your existing customers can easily update their marketing preferences by logging into the customer area of your Ovatu mini-site and clicking the Marketing Preferences button. Here, they can select the Marketing Consent checkbox, once they do this, they can then nominate if they prefer to receive marketing materials via SMS, Email or both.
Please note that if you have not activated the Marketing Consent Checkbox, then this checkbox will not display. Customers will only see the option to choose whether they prefer to receive their marketing materials via SMS, Email or both.
You can also email your customers a special URL which takes them straight to the Marketing Preferences section of their customer account by inserting the following link into the email body: null. Instructions for how to do this can be found here.
Your existing customers can log into customer area of your Ovatu mini-site and click Edit Details. Here, they can make changes to their personal data.
You can also email your customers a special URL which takes them straight to the Edit Details section of their customer account by inserting the following link into the email body: null.
In order to work correctly, the Marketing Preferences URL needs to be sent to an actual customer. In order to successfully test an email containing the Marketing Preferences URL, please create a test customer, and send this email to the test customer.
I sent a mass SMS campaign with the Marketing Preferences URL but customers are unable to click the link. What should I check?
Please ensure that you have entered the URL correctly, without any spaces or formatting: null. Please also ensure that you have enabled the Marketing Consent checkbox. Click here for instructions.
You can do this by using the Filter options to the right of the customer list. From the Privacy Consent and Marketing Consent drop-down options, you can choose either Consent Accepted, Consent Declined, or Consent Not Obtained. You can also filter out any customers who have unsubscribed from Email or SMS marketing but selecting the Mass Email Unsubscribed or Mass SMS Unsubscribed checkboxes. Once you have selected your filter criteria, click Filter at the bottom. More instructions on filtering your customer list can be found here.
This too, can be done by using the Filter options to the right of the customer list. You can either choose from one of the drop-down options in the Inactive field (for example, select 12 months, for customers who have not had any appointments in the last 12 months), or you can nominate a date range, by entering a date into the Inactive from and Inactive to field. Please ensure that the Inactive to date is today’s date, and please also select the No Future Appointments checkbox. More instructions on filtering your customer list can be found here.
You can then delete or archive the filtered customers. Click here for instructions.
Can I enable the leave the Data Collection (Privacy) Consent and the Marketing Consent checkboxes, but leave the fields blank?
No. You must enter some text into the Title, Content and Accept Label fields. If you leave these black, your customers will only see a checkbox, with no corresponding information.
No. The Data Collection (Privacy) consent checkbox applies to new customers only. For existing customers, if they, for any reason object to having their data stored, they may request for their file to be fully deleted.
Existing customers who do not update their marketing preferences remain subscribed to all marketing materials (unless they had previously specifically unsubscribed).
Yes it does. Please just ensure that you sync your Ovatu customer list with MailChimp prior to sending a campaign. Instructions for this can be found here.